Hacking may soon be used to combat money laundering, cash counterfeiting, drug trafficking, and over 30 other crimes.
Cops are getting comfortable with hacking. Already, agencies across the world are using malware or other techniques to identify child pornographers, bomb hoaxers, and stalkers.
But, in the continuing battle over the proliferation of easy-to-use encryption, German lawmakers want to go further. On Thursday, the Bundestaag—the German parliament—passed legislation authorizing the country’s law enforcement to use malware in a wider range of investigations, including drug trafficking.
“Police must be able to do what terrorists and criminals can already do today,” Johannes Fechner from the SPD, a centre-left party which forms part of the current government, said during a debate before the vote.
The news revolves around Germany’s so-called “state trojan,” an overarching term given to the authority’s hacking capabilities. Back in 2011, German hacking organization the Chaos Computer Club dissected one version of it, which could siphon off data but had a host of vulnerabilities.
The new change expands the use of malware to 38 different criminal offenses, including drug trafficking, money laundering, currency counterfeiting, bribery, sex crimes, and the distribution of child sexual abuse imagery.
Hans-Christian Ströbele from the Green Party criticized the law, and said that it will not withstand a complaint at the German Supreme Court.
“What’s completely missing from this law is an obligatory and independent test of what the tool can actually do and does when it’s used; but this is what the Bundesverfassungsgericht [Supreme Court] has explicitly demanded,” he said during the debate.
This legislative expansion comes as European politicians call for more to be done about the increased use of encryption; something that end-point hacking circumvents. In general terms, malware could obtain the contents of a communication before the device or messaging application, such as WhatsApp, encrypts it.
Both the UK’s Prime Minister and Home Secretary have said companies providing encryption should do more to help the authorities. The UK recently passed the Investigatory Powers Act, which explicitly gave law enforcement agencies authority to use malware for the first time. “Equipment interference” can be used in cases of serious crime.
However, European politicians have proposed legislation that would ban backdoors in encryption products.